andyMatthews.net

Secure storage in JavaScript, a proof of concept

A week or so ago, a fellow JavaScript developer threw down a challenge.

Suppose you wanted to extend the JavaScript Object such that getting and setting data in the object is only possible when providing a predetermined access key. The key is first used to instantiate the SecureObject and subsequently used when storing and retrieving data from the SecureObject. Provide the implementation for a JavaScript function that satisfies the use case.

While I've been using JavaScript for quite a long time, I'm still lacking in some of the more advanced functionality. Prototyping, classes, public and private members, etc. So I decided to take this challenge and see what I could come up with. After doing some research this is what I came up with. You can download the full source, along with the original challenge doc.

I'd love to get some feedback. I'd also love to discuss the merits of taking this approach...after all, the files are available as plain text via the browser. How secure is it really, and how far should you trust it? What sorts of applications could take advantage of this approach?